10 Pitfalls in Creating a Successful Business Continuity Plan
By Tom Abruzzo
In these tough economic times, when the stock market had its worst downslide since 1931 and we are awaiting a national stimulus package, businesses are shifting gears. They are tapping employees in long-term strategic positions to concentrate on short-term revenue-producing functions.
Yet, regardless of the grim outlook, the risk of disaster doesn’t lessen — natural disasters, power outages, malicious acts, etc. still occur. If disaster does strike, companies are still beholden to stockholders, key vendors and clients to keep them supplied and operating. Every company’s survival depends on that.
In putting together a smart Business Continuity Plan (BCP), we’ve found several common missteps that can hinder a successful plan. Here are 10 pitfalls and recommended ways to overcome them.
#1 Giving a Plan Lip Service
Recommendation: Every company needs a plan. Participants need to be aware of their roles and responsibilities in the plan, and every plan needs to be kept up to date. Providing lip service is actually a “dis-service,” and equivalent to not planning at all.
#2 Overemphasis on Risk Threat Assessment (RTA)
However, we’ve found many get so caught up in the minutia of assessing the risks that they never complete the plan. No one can eliminate all the risks that can cause a disaster — power outages, natural disasters, pandemics, etc. If these are unpreventable, why waste time analyzing them, including their probabilities, consequences, mitigation strategies, resulting implementation costs, etc.?
Recommendation: The key in BCP is to plan for the result of the threat, not the threat itself.
#3 Getting bogged down in the BIA
Recommendation: Make your best estimate of a realistic recovery time and point objectives for your business, and go with those targets.
#4 Insufficient Scrutiny of Your Supply Chain
Recommendation: Scrutinize your key vendors and make certain they have a business continuity plan in place.
# 5 Making the Assumption Your Vendors Will Help You
Recommendation: Get your key vendors and partners to commit and confirm they will supply you what you need, i.e., the fuel, software keys, whatever is crucial to your business operations.
#6 Combining a Pandemic Plan with a Traditional BCP
A pandemic plan assumes a high percentage of staff absenteeism. In addition to actually being ill, this high percentage can be due to a number of factors affecting the employee, such as caring for school-age children as a result of all the schools being closed, fear of becoming sick, caring for someone who is ill, psychological effects of seeing so much sickness and death (this type of situation amplifies nervous breakdowns, suicides, etc.), or they may already be dead.
Recommendation: Separate and treat these as two different issues and plans.
#7 Overemphasis on Documentation
Recommendation: Rather than require that plan participants search through one or more large three-ring binders, the best tactic to get them off the ground is a BCP wallet card. This credit card sized tool should contain just the most salient information, such as the disaster alert hot line number; emergency operations center location information; key recovery team personnel information; recovery facility information; and a reminder that safety is first and to call 911 in an emergency. For sure, you need supporting data and call lists, and those nitty-gritty details should be in that three-ring binder.
#8 Untrained Plan Participants
Recommendation: Create a document to use as a reference guide, but have employees memorize key information. This includes locations of Emergency Operations Centers; whom or where they should call; information that the wallet card contains; and the recovery teams the plan participant is involved with for the BCP.
# 9 Premature Surprise Exercises
Recommendation: A plan should be thought of as a reference document, not something to be entirely memorized — that is counterproductive to strengthening. Therefore, an “open book” test will work well if the plan is in early stages. As the plan progresses, employees can memorize certain salient points so they know instinctively the overall course of action in a crisis. The objective of a test is not to fool people but to exercise and strengthen the plan.
# 10 Lack of Maintenance
Recommendation: Automate this task with software. A Business Continuity Management (BCM) software tool gives plan owners the ability to easily update their own planning data through a simple online system, and provides the ability for administrators to see at a glance the status of the planning efforts, including everyone’s functions, when training was performed, the results of exercises and drills, etc. It is also a great asset to develop plan disclosure and certification statements for your clients, employees, partners/vendors and prospects.
Tom Abruzzo has been specializing in business continuity management and contingency planning for more than 30 years. He is the president and founder of TAMP Systems, which is a DRI Certified Business Continuity Vendor (CBCV). He is also the original developer of the planning software product named the Disaster Recovery System (DRS™), which decreases manual efforts to create, manage, and keep disaster recovery and business continuity plans up-to-date. In 2005, Tom was inducted into the CPM Hall of Fame. CPM is an independent organization that recognizes significant contributions in the field of business continuity. He can be reached at firstname.lastname@example.org.